Chromium Code Reviews

Issue 9661001: If using the suid sandbox, but not using the seccomp sandbox, there is a (Closed)

Created:
8 years, 9 months ago by Markus (顧孟勤)
Modified:
8 years, 9 months ago
Reviewers:
agl
CC:
chromium-reviews
Visibility:
Public.

Description

If using the suid sandbox, but not using the seccomp sandbox, there is a good chance that we will produce a zombie process inside of the new pid namespace.

This happens, because we create a short-lived helper process when setting up the pid namespace, but the new "init" process never gets around to reaping this process. It would have reaped it, if it had received a SIGCHLD signal from any other process that died. But without the seccomp sandbox, that doesn't happen very frequently.

This changelist reorders instructions so that we always look for dead children at least once, when starting the mainloop of the new "init" process. In doing so, we will always find and reap our dead helper process.

BUG=109944
TEST=Run Chrome with the suid but without the seccomp sandbox, grep for "defunct" processes in the output of "ps auxw". There shouldn't be any.

Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=126188
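The ordering problem the description explains, as an added C example that is not the code from init_process.c or from this changelist: a parent that waits for SIGCHLD before its first sweep leaves an already-dead helper as a zombie, while one sweep before the wait reaps it. The function names, the 100 ms timed wait standing in for the blocking wait, and the assumption that the helper's SIGCHLD was missed because the helper exited before SIGCHLD was blocked are all illustrative.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Non-blocking sweep: reap every child that has already exited. */
static int reap_dead_children(void) {
  int reaped = 0;
  while (waitpid(-1, NULL, WNOHANG) > 0) reaped++;
  return reaped;
}

/* 1 if pid is an exited, unreaped child; WNOWAIT leaves it in place. */
static int is_zombie(pid_t pid) {
  siginfo_t info = {0};
  int rc = waitid(P_PID, (id_t)pid, &info, WEXITED | WNOHANG | WNOWAIT);
  return rc == 0 && info.si_pid == pid;
}

/* Returns 1 if the helper is still a zombie while "init" sits in its wait. */
int helper_left_as_zombie(int reap_first) {
  sigset_t chld, old;
  siginfo_t info;
  struct timespec timeout = {0, 100 * 1000 * 1000}; /* 100 ms */
  sigemptyset(&chld);
  sigaddset(&chld, SIGCHLD);
  signal(SIGCHLD, SIG_DFL);              /* default action: signal is discarded */
  sigprocmask(SIG_UNBLOCK, &chld, &old); /* assumption: not yet blocked at fork */
  pid_t helper = fork();
  if (helper < 0) return -1;
  if (helper == 0) _exit(0);             /* short-lived helper */
  waitid(P_PID, (id_t)helper, &info, WEXITED | WNOWAIT); /* dead, not reaped */
  sigprocmask(SIG_BLOCK, &chld, NULL);   /* mainloop setup, after the exit */
  if (reap_first) reap_dead_children();  /* reordered: look once before waiting */
  sigtimedwait(&chld, NULL, &timeout);   /* stand-in for the blocking wait */
  int leftover = is_zombie(helper);
  if (leftover) waitpid(helper, NULL, 0); /* tidy up the demo's own zombie */
  sigprocmask(SIG_SETMASK, &old, NULL);
  return leftover;
}

int main(void) {
  printf("wait first: zombie=%d\n", helper_left_as_zombie(0));
  printf("reap first: zombie=%d\n", helper_left_as_zombie(1));
  return 0;
}
```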

Patch Set 1 #

M sandbox/linux/suid/init_process.c (2 chunks, +4 lines, -4 lines, 0 comments)

Messages

Total messages: 2 (0 generated)
Markus (顧孟勤)
8 years, 9 months ago (2012-03-09 00:12:32 UTC) #1
agl
8 years, 9 months ago (2012-03-12 15:24:01 UTC) #2
lgtm
